In communications networks today, the devices that are used by persons or through which users are authenticated to a network are themselves in some way authenticated to a network. For example, in a typical Microsoft Active Directory-based network (or other network that employs a directory) a computer attached to the network receives a software-based token stored on the device, and is joined (i.e., authenticated) to the network. Then, when a user needs access to either the computer or resources on the network, he authenticates with a username or password that is compared to what is stored in the directory. In many business scenarios this method has proved to provide adequate security to the network.
But in more secure environments, this approach to authentication has not proven secure enough. Companies such as RSA Security, Verisign, Oblix, SafeNet, and others have provided expensive two-factor authentication using token or token-less based add-ons that further expand on this principle. Most of these solutions use public key cryptography to encrypt the transmission or token data, in order to secure the elements of the identity. But these systems have proven expensive to deploy, difficult and costly to maintain, lack scalability for every user on the Internet, and are too complicated for the typical end user.
Another drawback to these systems is the processing overhead. In his book, Applied Cryptography, Second Edition, John Wiley & Sons, New York, 1996, Bruce Schneier states: “Public-key algorithms are slow. Symmetric algorithms are generally at least 1000 times faster than public-key algorithms”. This fact introduces limitations to widespread use of small or low processing powered devices such as cell phones, personal digital assistants (PDAs) or 802.1x wireless devices.
A current standard for encryption of data on the Internet is through the use of X.509 Certificates. Certificates employ public key cryptography and typically expire, making them a recurring maintenance cost. The methodology behind verification of certificate-based authentication is the use of a Certificate Authority (CA). The idea is that a user or application can present a certificate to a Certifying Authority to validate the authenticity and validity of the certificate. Presently, many companies compete in this space and there is no available scalable and affordable method to distribute certificates to every user on the Internet. Due to the need for security, the use of Certificates has caused identities to proliferate. Many companies may have more than one certificate from more than one Certificate Authority, making this methodology cumbersome and inadequate. Of even greater concern is the fact that digital certificates can be forged and copied.
On the a global communications network of connected networks such as the Internet, different mechanisms exist for an Internet Service Provider (ISP) to allow access to their privately owned and controlled network that is connected to the Internet backbone. These mechanisms typically employ both a username and password using the Remote Authentication Dial In User Service (RADIUS) protocol for wireless networks, a username and password for Point-to-Point Protocol over Ethernet (PPPoE) protocol for Digital Subscriber Line (DSL), or a network interface physically stored identifier (such as a Media Access Control (MAC) address) as typically used in cable networks. Many other combinations of authentication and access to an Internet connected network also exist.
But none of these methods accurately identify the user of the device connected to the network. Frequently, many users utilize a single connection to purchase network access to other Internet connected networks. In order for the Internet to function, each device connected to it must have an assigned number. The U.S.-based Defense Advanced Research Projects Agency (DARPA) project that created the Internet has created standards of communication and control bodies by which numbers are assigned for American Registry for Internet Numbers (ARIN), Internet Assigned Numbers Authority (IANA), and others. The original design of the Internet was for research facilities through out the world to share information easily. But the commercial value of connecting all communications networks soon became a more dominant use. Again, as above, the device or network does not necessarily authenticate the user.
In 1994, the Internet Engineering Task Force (IETF) released its first draft for IPv6, the replacement for the current Internet standard protocol. Within the draft of the proposal, the IETF formed a security methodology for secure communications. Identified in the document was a deficiency for the exchange of public keys. At the time, it was pointed out that “an Internet-wide public-key infrastructure is required”. The encryption methodology for the secure component of IPv6 recommended in this draft is public key cryptography. Public key cryptography typically uses a method for employing the encryption known as a digital certificate (X.509 standard). But there is another method of encryption that could be used, known as a shared secret. In his paper attached as Appendix A, Timo Aalto states, “[i]n manual key management, the system's own keys, and also the keys of the communicating systems are configured manually to the system. This may work in a small and static environment, but does not scale”. Thus, manually configured shared secrets are useless as a standard, as every website would have to share a secret with its users. So today digital certificates issued by Certificate Authorities are the current standard of distribution. However, Timo Aalto also states, “[w]idespread use of IP security will require an Internet standard scalable key management protocol. A number of candidates of the key management protocols have been proposed: ISAKMP [“Internet Security Association and Key Management Protocol”], SKIP [“Simple Key-management For Internet Protocols”], Oakley, Photuris, and SKEME; so far none of them has been adopted as a standard. A more descriptive information about IPv6 key management protocols can be found” attached as Appendix B. The lack of a standard has prevented widespread use and adoption of IPv6.
In the current world of identity communication, X.509 digital certificates are being used to provide credentials for identity. These certificates can be purchased through a Certificate Authority that assumes the responsibility of managing the certificate's expiration. These systems involve “Web of Trust” based trust models. In order to obtain a trusted system, the scheme involves a public accounting firm to be chosen to audit a Certificate Authority that an entity chooses to trust. Certificate Authorities issue certificates to entities through a variety of means, the most prevalent being an e-commerce application that does not verify the entity except through the payment instrument. Since payment instruments can be forged or stolen, without an in person interview there is no way to positively identify the applicant. The certificate model is flawed in several ways:
The process to obtain the certificate is subject to computer fraud.
Certificates can be forged, copied, and stolen.
Certificates require frequent “root server updates” to validate the certificate.
Self Signed Certificates can be issued and generated by anyone using Open SSL, an open source version, and do not require a Certificate Authority to function.
In the “Identity Commons” trust model, derived from the Intermind Corporation U.S. Pat. No. 6,044,205, the user is only registering a globally unique name with the system. As in the CA trust model, typically the only identity verification is through the payment instrument. While “Identity Commons” is useful for single sign-on to trusted systems, anyone armed with the name and password can steal the identity.
An additional problem posed by most systems in use today is there is no positive way to identify the user of a device. For example, in the cell phone network, typically devices are authenticated for use by an identifier stored in the device. However, in this example, there is no positive way to identify the user of the device. The device typically has a way to lock the keypad with a code only known to the user to prevent unauthorized use; but to date, there is no positive way to identify the user. Inventions exist to tie the device to a user, such as token-less biometric sampling, the use of a personal identification code or number (PIC or PIN), a token such as a credit card, and other token or token-less methods and combinations thereof. But in the case of a cell phone, these inventions have proven to be cumbersome, expensive, defeatable, or for other reasons not implemented.
In the telephone network a number is assigned to wires run to a home or business. As above, there is no positive way to guarantee the user's identity.
In the Automated Teller Machine (ATM) network, an ATM is authenticated and monitored through software. But since most of these networks rely on the use of a token, such as a credit card, that can be passed to another user or stolen, once again there does not exist a method to verify the authenticity of the user of the token. Biometric devices are seen as the solution to this problem. But biometric devices have seen slow adoption for a variety of reasons that are primarily behavioral in nature (fear of germs, etc.), not to mention that the reasonably priced models can be readily defeated.
Identity theft is another problem area resulting from software intrusion that captures an end user's keyboard input and can capture screen shots of the user's personal computers allowing them to pose as the identity. In fact, many of these intruder programs are sophisticated enough to turn on an attached camera or microphone and actually listen to or view what is in the room with the computer! The number one intrusion is capturing a user's keystrokes as they input a username and password, to access financial or other data.
Another form of identity theft comes from what are referred to as “phishing emails”. These emails are carefully crafted and contain a link to a false web site masquerading as the real site. When the user authenticates to (what he or she thinks is) the real site, the false site is able to capture the user's credentials. Today, there is no simple, reliable way to communicate to the unsophisticated user that they have accessed an application that does not belong to the entity they believe it to be.
Accordingly, a need remains for a way to authenticate users without relying on certificates, usernames and passwords, and other techniques that can be intercepted, forged, or captured by deception that addresses these and other problems associated with the prior art.